CVE-2008-4819
Description
Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player up to 9.0.124.0 contains an unspecified flaw that facilitates DNS rebinding attacks, bypassing same-origin policy.
Vulnerability
Adobe Flash Player version 9.0.124.0 and earlier contains an unspecified vulnerability that makes it easier for remote attackers to conduct DNS rebinding attacks. The issue exists in the player's handling of network requests, allowing an attacker to bypass the same-origin policy by manipulating DNS resolutions. [2][4]
Exploitation
An attacker can exploit this flaw by hosting a malicious SWF file that performs a DNS rebinding attack. The attacker must control a domain that initially resolves to a benign IP address (allowed by the Flash security sandbox) but then switches to a different IP address (e.g., internal network) after the SWF has loaded. This can be done by controlling both the DNS server and a web server. No authentication is required; the attack is remote and can be triggered by enticing a user to visit a malicious website or view a crafted SWF. [2][4]
Impact
Successful exploitation allows the attacker to bypass the same-origin policy in Flash Player. This can lead to information disclosure (e.g., reading data from internal networks or local services), unauthorized access to the victim's local network resources, and potentially further attacks such as cross-site request forgery. The attacker can also capture data from services that trust the attacker's domain. [2][4]
Mitigation
Adobe released Flash Player 9.0.124.0 (or later versions) to address this issue, but the exact fixed version is not explicitly stated in the references. Apple’s Security Update 2008-008 and Red Hat’s RHSA-2008-0980 included updates for Flash Player. Avaya and Sun advisory references indicate that updates were available. Users should upgrade to Flash Player 10.0.12.36 or later, as recommended for related CVEs. If upgrading is not possible, limit the use of untrusted SWF files and restrict network access to Flash Player content. [1][2][3][4]
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=9.0.124.0)
- cpe:2.3:a:adobe:flash_player:7.0.69.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:8.0.39.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.16:*:windows:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28.0:*:mac_os_x:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
- Range: <=9.0.124.0
Patches
No patches discovered yet.
References
- www.adobe.com/support/security/bulletins/apsb08-20.html (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/32129 (nvd; Patch)
- www.us-cert.gov/cas/techalerts/TA08-350A.html (nvd; US Government Resource)
- lists.apple.com/archives/security-announce//2008//Dec/msg00000.html (nvd)
- secunia.com/advisories/32702 (nvd)
- secunia.com/advisories/33179 (nvd)
- secunia.com/advisories/33390 (nvd)
- secunia.com/advisories/34226 (nvd)
- security.gentoo.org/glsa/glsa-200903-23.xml (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- support.apple.com/kb/HT3338 (nvd)
- support.avaya.com/elmodocs2/security/ASA-2008-440.htm (nvd)
- support.avaya.com/elmodocs2/security/ASA-2009-020.htm (nvd)
- support.nortel.com/go/main.jsp (nvd)
- www.redhat.com/support/errata/RHSA-2008-0980.html (nvd)
- www.securitytracker.com/id (nvd)
- www.vupen.com/english/advisories/2008/3444 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/46532 (nvd)